
What Is Microsoft Pluton and Why Does It Matter for Cheats?

Microsoft Pluton is a CPU-integrated security processor shipping on AMD Ryzen 6000+ and Intel Core Ultra processors that provides chip-to-cloud attestation — a cryptographic identity computed by silicon and verified by Microsoft's cloud. It replaces software-readable hardware identifiers with a silicon-rooted attestation that no consumer spoofer can fake. It is used today by Call of Duty: Black Ops 7 via Microsoft Remote Attestation. Long-term, Pluton ends the era of HWID spoofers for titles that adopt it.

RawCheats Anti-Cheat Research Team, updated May 12, 2026

Microsoft Pluton is the security architecture that ends the spoofer era for titles that fully adopt it. It is not theoretical — Pluton ships on every new AMD Ryzen 6000+ and Intel Core Ultra processor since 2022, and Microsoft Remote Attestation on Call of Duty: Black Ops 7 is the first major game to use it for anti-cheat. Here is what Pluton is, how it differs from TPM 2.0, and what it means for HWID spoofers.

What Pluton actually is

Pluton is a security processor integrated into the CPU silicon — not a separate chip on the motherboard, not a firmware-based TPM running in the CPU's privileged mode. It is its own physical processor with its own memory and its own cryptographic engine, sitting next to the main CPU cores on the same die. The Microsoft Pluton documentation describes it as the result of the Xbox security architecture being brought to Windows PCs. It can act as a TPM 2.0 (so it satisfies Windows 11's TPM requirement automatically), but its capabilities exceed standard TPM.

How Pluton differs from TPM 2.0

A traditional discrete TPM 2.0 chip sits on the motherboard and talks to the CPU over a separate bus (LPC, SPI). Even if the chip is secure, the bus between TPM and CPU is potentially attackable — bus sniffing attacks have been demonstrated against discrete TPMs. Pluton eliminates the bus entirely because it sits on the same die as the CPU. The data never leaves the silicon. Pluton also includes a direct cryptographic relationship with Microsoft's cloud — its keys are provisioned by Microsoft, signed by Microsoft, and its attestations are verifiable against Microsoft's servers. This is the "chip-to-cloud" model.

Microsoft Remote Attestation in practice

Black Ops 7 was the first major title to deploy Microsoft Remote Attestation, which uses Pluton (or a TPM 2.0 in non-Pluton CPUs) to attest the entire boot chain to Microsoft's servers. At boot, the client signs a quote of the PCR values with the TPM/Pluton private key. Microsoft verifies the quote against its records of legitimate hardware, signs an attestation token, and the game server requires that token to authenticate the session. Per the architecture documented in the Windows hardware security architecture pages, this means the game's identity verification runs through Microsoft's infrastructure — not just the publisher's anti-cheat.

Why this matters for HWID spoofers

A HWID spoofer hooks the kernel read path for hardware identifiers. Pluton-rooted attestation does not go through the kernel read path. The TPM/Pluton chip cryptographically signs the quote with a key the spoofer cannot access. Microsoft verifies the quote against records the spoofer cannot influence. The token returned to the game cannot be forged. The spoofer has no surface to attack — every attack vector that worked on classical hardware fingerprinting is closed.
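The quote check described in the two sections above, shown from the verifier's side as an added example that is not Microsoft's or this page's code. It replays a measurement log into a PCR value and rejects a quote whose signature, nonce or PCR value does not match. Assumptions: the key, function names and boot log are constructed, and HMAC stands in for the chip's asymmetric signature so the block runs on the Python standard library.

```python
import hashlib
import hmac

# Constructed stand-in for the attestation key. A real TPM/Pluton signs with an
# asymmetric key that never leaves the chip; HMAC is used here only so the
# example runs on the standard library.
CHIP_KEY = b"constructed-demo-key"

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || SHA-256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def replay(events) -> bytes:
    """Recompute a PCR value from an ordered measurement log."""
    pcr = bytes(32)  # PCRs start at all zeroes on reset
    for event in events:
        pcr = extend(pcr, event)
    return pcr

def chip_quote(events, nonce: bytes) -> dict:
    """Chip side: sign (nonce || PCR value) over what was actually measured."""
    pcr = replay(events)
    sig = hmac.new(CHIP_KEY, nonce + pcr, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr": pcr, "sig": sig}

def verify_quote(quote: dict, nonce: bytes, known_good) -> str:
    """Verifier side: check signature, then freshness, then the boot chain."""
    expected = hmac.new(CHIP_KEY, quote["nonce"] + quote["pcr"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["sig"]):
        return "bad-signature"   # fields were changed after signing
    if not hmac.compare_digest(quote["nonce"], nonce):
        return "stale-nonce"     # quote was produced for another challenge
    if not hmac.compare_digest(quote["pcr"], replay(known_good)):
        return "pcr-mismatch"    # measured boot chain differs from the record
    return "ok"

# Constructed sample measurement log (labels, not real firmware hashes).
GOOD_BOOT = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
```

The order of the checks matters: the signature is verified first so that the nonce and PCR fields are only trusted once they are known to come from the chip.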

Today's scope vs long-term scope

In May 2026, Pluton-rooted Remote Attestation is deployed on one major title (COD: Black Ops 7) and partially on FACEIT's competitive tier. Every other major game we sell cheats for — Fortnite (non-tournament), Rust, PUBG, Overwatch 2, Marvel Rivals, Arc Raiders, Apex, Tarkov — uses classical hardware fingerprinting that a Layer 1 driver spoofer can address. The trajectory is clear: more games will follow BO7 into Pluton-rooted attestation. The question is timing, not direction.

Why Microsoft is pushing this

The economic argument for Microsoft is straightforward. Cheating is one of the largest sources of player churn in online games, and games are increasingly a Microsoft ecosystem (Activision acquisition, Bethesda, the "We are Xbox" rebrand). Microsoft selling chip-to-cloud attestation as an anti-cheat foundation provides direct revenue (Pluton licensing to AMD/Intel/Qualcomm), retention for game publishers using Xbox/Microsoft services, and a strategic moat against console-class cheating coming to PC.

What spoofers can still do

A driver-layer spoofer still randomizes the 16 classical identifier categories — SMBIOS, motherboard, disk, MAC, GPU, RAM SPD, USB/PCI, MachineGuid, EDID. This remains effective against anti-cheats that read those values directly. For Pluton-rooted ACs, the spoofer is not the right tool — but you also do not necessarily need one. If your TPM/Pluton has never been on the AC's ban list, you can play normally; the attestation token issues correctly. The Pluton problem only bites you if you have a Pluton-banned identity, in which case the only fix is a different CPU (Pluton is per-CPU, not per-motherboard).

RawCheats positioning

We do not sell cheats for COD: Black Ops 7 specifically because of the Remote Attestation deployment. We do sell for Warzone and COD: Modern Warfare / Black Ops 6 because those titles still rely on Ricochet's classical fingerprinting. As more titles adopt Pluton-rooted attestation, our product lineup will narrow to titles where the technology is bypassable. Honesty about scope is the credibility wedge — vendors who promise Pluton bypass at $30/month are misrepresenting their product per the Acronis TRU research on fake game cheats.

What to track going forward

Watch which anti-cheats adopt Microsoft Remote Attestation. EAC has not deployed it yet. BattlEye has not. NetEase NeacSafe has not. When they do, our coverage on those titles will need a different approach. The deeper outlook in "TPM, Pluton, and Remote Attestation — will HWID spoofers work in 2027" tracks the adoption timeline.

For everything else — the games that still run classical fingerprinting — Raw Spoofer covers the spoofable surface for $4.99 per month.

Related Questions

What Is the Best HWID Spoofer in 2026?

The best HWID spoofer in 2026 is one that hooks at the kernel-driver layer, randomizes 16+ hardware identifiers per session, names the anti-cheats it covers (EAC, BattlEye, NeacSafe, Warden, Ricochet) and explicitly disclaims the ones it does not (Riot Vanguard, Microsoft Pluton, TPM endorsement keys). Raw Spoofer fits that profile at $4.99 and ships from the same in-house engineering team behind the six RawCheats game products.

Can a HWID Spoofer Protect Against Riot Vanguard?

No, not at commercial pricing. Riot Vanguard reads 12+ identifiers including TPM 2.0 endorsement keys and PCR values, enforces a UEFI firmware allowlist (VAN:Restriction), loads as an Early Launch Anti-Malware driver before any other kernel module, and ships per-week signature updates. No commercial spoofer in May 2026 credibly survives Vanguard sustainably. RawCheats does not sell Valorant cheats partly for this reason. Vendors claiming Vanguard support at $5-30/month are misrepresenting their product.

Will TPM 2.0 and Pluton Kill All Cheats?

No, but they'll kill specific cheat architectures. TPM 2.0 and Microsoft Pluton produce chip-signed attestation reports that software spoofers cannot forge — eliminating the ability to spoof boot integrity. They do not stop ESP, aimbots, or radar hacks that operate within the legitimate game session. They also do not stop DMA cheats on external machines. The 2026 reality: TPM/Pluton kill HWID spoofing for affected identifiers and kill some kernel-cheat techniques, but not cheats as a category.

Can a HWID Spoofer Beat TPM 2.0?

No. TPM 2.0 endorsement keys are signed by the TPM chip manufacturer at production and stored inside the chip itself — they cannot be rewritten from software. Anti-cheats that read TPM EK and PCR values (Vanguard, COD: Black Ops 7 via Remote Attestation, FACEIT, Fortnite tournaments) get a cryptographic identity no commercial spoofer can fake. The only public TPM-spoof attempt — Samuel Tulach's tpm-spoofer POC — is unstable research code.
